Securely transmitting data is a critical task when attempting to exchange sensitive data between remote devices over a network. One way to ensure secure data transmission is by establishing a secure channel using HTTPS or a similar secure protocol. Unfortunately, those libraries increase executable code size and network overhead for all transactions. It would be desirable to provide a way to securely transmit data between remote devices through an insecure channel, without the overhead and other drawbacks associated with HTTPS and similar secure transmission protocols.
Broadly speaking, cryptography provides a way to conceal data in such a manner that, even if intercepted by a nefarious third party, the underlying data cannot be consumed without being deciphered. Cryptography typically relies on mathematical algorithms that modify the underlying data to be protected in such a manner that it is impossible or computationally impractical to decipher the encrypted data without a key associated with the encryption of that particular set of data.
Encryption can be classified under two general types, symmetric cryptography and asymmetric cryptography (sometimes known as public key cryptography).
Symmetric encryption, such as that used in data encryption standard (DES), advanced encryption standard (AES), and the like, relies on the same keys for both the encryption and decryption of data. The symmetric keys may be exactly identical, or be the same insofar as only a simple transformation is required to get from one key to the other. One of the main drawbacks associated with symmetric cryptography is the requirement for the symmetric keys to remain secret to only the encrypting and decrypting devices, since knowledge of the symmetric keys renders the underlying data easily decipherable. Secrecy may be accomplished by setting up a secure channel for delivery of the symmetric keys to each of the remote devices, or by some other delivery process that ensures secrecy of the keys. Since the symmetric key is often changed with each set of data or each transmission session to ensure security, key management becomes a difficult process, and it may be impractical to securely transmit a new symmetric key to the two remote devices with each session. Moreover, while the symmetric encryption process is typically less computationally demanding than a comparable asymmetric process, the resulting encrypted data is also easier to decipher without the key.
By contrast, asymmetric encryption, such as Rivest-Shamir-Adelman (RSA), relies on two asymmetric keys, known as a public key and private key pair. The two keys are different but mathematically linked in such a manner that it is computationally infeasible to determine the private key with knowledge of only the public key. The public key may be published freely and used to encrypt the data, while the private key is kept secret and used for decryption. Unfortunately, asymmetric encryption is a computationally hard process that may be very time consuming for encryption of relative large sets of data.
There are some hybrid crypto systems that attempt to balance the two approaches by first encrypting the data with a symmetric key, then encrypting only that symmetric key with an asymmetric key. Because the symmetric key is encrypted with a separate asymmetric key and delivered to the recipient device, along with the symmetrically encrypted data, a symmetric key does not need to be separately delivered to recipient device for decryption, thereby somewhat easing the key management burden. However, with these conventional hybrid approaches, the underlying data has only been encrypted with the symmetric key and may still be vulnerable, particularly in situations involving the repetitive transmission of common data, since even generating a new symmetric key each time does not completely prevent patterns across the repeated data from being exploited by a nefarious third party.
It is within this context that the present disclosure arises.